WLAN二层旁挂组网-隧道转发-编程阁

WLAN二层隧道转发是一种数据转发模式，AP和AC之间通过CAPWAP隧道封装用户数据，所有用户报文都先送到AC集中处理，再由AC转发出去。

核心特点

‌集中控制‌：所有用户数据都经过AC处理，便于统一管理和安全控制。
‌配置简单‌：通常只需要在AP和AC直连的接口上配置为Trunk模式，允许业务VLAN通过。
‌适用场景‌：适合中小规模网络，或者对集中管理和安全要求较高的环境。

R1路由配置

[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/0

[Huawei-GigabitEthernet0/0/0]ip add 192.168.111.1 24

[Huawei-GigabitEthernet0/0/0]quit

[Huawei]ip route-static 192.168.0.0 16 192.168.111.2

SW1核心交换机配置

<Huawei>system-view

[Huawei]vlan batch 100 111 110

[Huawei]interface vlanif100

[Huawei-Vlanif100]ip add 192.168.100.1 24

[Huawei-Vlanif100]interface vlanif111

[Huawei-Vlanif111]ip add 192.168.111.2 24

[Huawei]interface vlanif110

[Huawei-Vlanif110]ip add 192.168.110.1 24

[Huawei-Vlanif110]quit

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1]port link-type access

[Huawei-GigabitEthernet0/0/1]port default vlan 111

[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2

[Huawei-GigabitEthernet0/0/2]port link-type trunk

[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 110

[Huawei-GigabitEthernet0/0/2]port trunk pvid vlan 100

[Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3

[Huawei-GigabitEthernet0/0/3]port link-type access

[Huawei-GigabitEthernet0/0/3]port default vlan 100

[Huawei-GigabitEthernet0/0/3]quit

[Huawei]ip route-static 0.0.0.0 0 192.168.111.1

[Huawei]ip route-static 192.168.0.0 16 192.168.110.2

AC1上面的配置

<AC6605>system-view

[AC6605]vlan batch 100 110

[AC6605]interface vlanif 110

[AC6605-Vlanif110]ip add 192.168.110.2 24

[AC6605-Vlanif110]interface vlanif 100

[AC6605-Vlanif100]ip add 192.168.100.2 24

[AC6605]interface GigabitEthernet 0/0/1

[AC6605-GigabitEthernet0/0/1]port link-type trunk

[AC6605-GigabitEthernet0/0/1]port trunk pvid vlan 100

[AC6605-GigabitEthernet0/0/1]port trunk allow-pass 100 110

[AC6605-GigabitEthernet0/0/1]quit

[AC6605]vlan batch 101 102

[AC6605]interface vlanif 101

[AC6605-Vlanif101]ip add 192.168.101.1 24

[AC6605-Vlanif101]interface vlanif 102

[AC6605-Vlanif102]ip add 192.168.102.1 24

[AC6605-Vlanif102]quit

[AC6605]ip route-static 0.0.0.0 0 192.168.110.1

AC1上配置DHCP

[AC6605]dhcp enable

[AC6605]ip pool vlan100

[AC6605-ip-pool-vlan100]network 192.168.100.0 mask 24

[AC6605-ip-pool-vlan100]gateway-list 192.168.100.1

[AC6605-ip-pool-vlan100]dns-list 8.8.8.8

[AC6605-ip-pool-vlan100]quit

[AC6605]ip pool vlan101

[AC6605-ip-pool-vlan101]network 192.168.101.0 mask 24

[AC6605-ip-pool-vlan101]gateway-list 192.168.101.1

[AC6605-ip-pool-vlan101]dns-list 8.8.8.8

[AC6605-ip-pool-vlan101]quit

[AC6605]ip pool vlan102

[AC6605-ip-pool-vlan102]network 192.168.102.0 mask 24

[AC6605-ip-pool-vlan102]gateway-list 192.168.102.1

[AC6605-ip-pool-vlan102]dns-list 8.8.8.8

[AC6605-ip-pool-vlan102]quit

[AC6605]interface vlanif 100

[AC6605-Vlanif100]dhcp select global

[AC6605-Vlanif100]quit

[AC6605]interface vlanif101

[AC6605-Vlanif101]dhcp select global

[AC6605-Vlanif101]quit

[AC6605]interface vlanif102

[AC6605-Vlanif102]dhcp select global

[AC6605-Vlanif102]quit

在AC1上配置AP上线

指定和AP建立capwap的地址或接口

[AC6605]capwap source interface vlanif 100

配置域管理模版

[AC6605]wlan

[AC6605-wlan-view]regulatory-domain-profile name default

[AC6605-wlan-regulate-domain-default]country-code cn

[AC6605-wlan-regulate-domain-default]quit

创建AP组(因为有多个AP所以创建组来进行区分)

[AC6605]wlan

[AC6605-wlan-view]ap-group name ap-office1

[AC6605-wlan-ap-group-ap-office1]regulatory-domain-profile default

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC6605-wlan-ap-group-ap-office1]quit

[AC6605-wlan-view]ap-group name ap-office2

[AC6605-wlan-ap-group-ap-office2]regulatory-domain-profile default

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC6605-wlan-ap-group-ap-office2]quit

[AC6605-wlan-view]

将AP添加到AP组中

[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc6e-26b0

[AC6605-wlan-ap-1]ap-name ap1

[AC6605-wlan-ap-1]ap-group ap-office1

Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6605-wlan-ap-1]quit

[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcc0-34c0

[AC6605-wlan-ap-2]ap-name ap2

[AC6605-wlan-ap-2]ap-group ap-office1

Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6605-wlan-ap-2]quit

[AC6605-wlan-view]ap-id3ap-mac00e0-fca7-18d0

[AC6605-wlan-ap-3]ap-name ap3

[AC6605-wlan-ap-3]ap-group ap-office2

Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6605-wlan-ap-3]quit

[AC6605-wlan-view]ap-id4ap-mac00e0-fc8f-3db0

[AC6605-wlan-ap-4]ap-name ap4

[AC6605-wlan-ap-4]ap-group ap-office2

Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6605-wlan-ap-4]quit

配置AP上线

配置SSID模版
配置安全模版
配置vap模版
在ap组中应用vap模版、

配置SSID模版

[AC6605]wlan

[AC6605-wlan-view]ssid-profile name ssid-office1

[AC6605-wlan-ssid-prof-ssid-office1]quit

[AC6605-wlan-view]ssid

[AC6605-wlan-view]ssid-profile name ssid-office2

[AC6605-wlan-ssid-prof-ssid-office2]

[AC6605-wlan-ssid-prof-ssid-office2]quit

配置安全模版

[AC6605-wlan-view]security-profile name sec-office1

[AC6605-wlan-sec-prof-sec-office1]security wpa-wpa2 psk pass-phrase a1234567 aes

[AC6605-wlan-sec-prof-sec-office1]security-profile name sec-office2

[AC6605-wlan-sec-prof-sec-office2]security wpa-wpa2 psk pass-phraseb1234567 aes

配置vap模版

[AC6605-wlan-view]vap-profile name vap-office1

[AC6605-wlan-vap-prof-vap-office1]forward-mode tunnel